summaryrefslogtreecommitdiff
path: root/app/Http
diff options
context:
space:
mode:
authorGreg Roach <fisharebest@webtrees.net>2020-01-23 09:39:38 +0000
committerGreg Roach <fisharebest@webtrees.net>2020-01-23 09:39:38 +0000
commitf6924bc8aa0cd5eec0d5ec301d59ae0fb3c66217 (patch)
treed8bb4d57a55c8ba11183639e65232e4952eb98e4 /app/Http
parent027478c23a63b5681d8d4ac05fec614b75acb7ba (diff)
downloadwebtrees-f6924bc8aa0cd5eec0d5ec301d59ae0fb3c66217.tar.gz
webtrees-f6924bc8aa0cd5eec0d5ec301d59ae0fb3c66217.tar.bz2
webtrees-f6924bc8aa0cd5eec0d5ec301d59ae0fb3c66217.zip
Enforce access level for blocks
Diffstat (limited to 'app/Http')
-rw-r--r--app/Http/RequestHandlers/TreePage.php8
-rw-r--r--app/Http/RequestHandlers/TreePageDefaultEdit.php17
-rw-r--r--app/Http/RequestHandlers/TreePageEdit.php10
-rw-r--r--app/Http/RequestHandlers/TreePageUpdate.php10
-rw-r--r--app/Http/RequestHandlers/UserPage.php6
-rw-r--r--app/Http/RequestHandlers/UserPageDefaultEdit.php17
-rw-r--r--app/Http/RequestHandlers/UserPageEdit.php10
-rw-r--r--app/Http/RequestHandlers/UserPageUpdate.php11
8 files changed, 68 insertions, 21 deletions
diff --git a/app/Http/RequestHandlers/TreePage.php b/app/Http/RequestHandlers/TreePage.php
index b0e02b034e..0466bc8213 100644
--- a/app/Http/RequestHandlers/TreePage.php
+++ b/app/Http/RequestHandlers/TreePage.php
@@ -19,6 +19,7 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
+use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Http\ViewResponseTrait;
use Fisharebest\Webtrees\Module\ModuleBlockInterface;
use Fisharebest\Webtrees\Services\HomePageService;
@@ -61,6 +62,9 @@ class TreePage implements RequestHandlerInterface
$tree = $request->getAttribute('tree');
assert($tree instanceof Tree);
+ $user = $request->getAttribute('user');
+ assert($user instanceof UserInterface);
+
$has_blocks = DB::table('block')
->where('gedcom_id', '=', $tree->id())
->exists();
@@ -81,8 +85,8 @@ class TreePage implements RequestHandlerInterface
}
return $this->viewResponse('tree-page', [
- 'main_blocks' => $this->home_page_service->treeBlocks($tree->id(), ModuleBlockInterface::MAIN_BLOCKS),
- 'side_blocks' => $this->home_page_service->treeBlocks($tree->id(), ModuleBlockInterface::SIDE_BLOCKS),
+ 'main_blocks' => $this->home_page_service->treeBlocks($tree, $user, ModuleBlockInterface::MAIN_BLOCKS),
+ 'side_blocks' => $this->home_page_service->treeBlocks($tree, $user, ModuleBlockInterface::SIDE_BLOCKS),
'title' => e($tree->title()),
'tree' => $tree,
'meta_robots' => 'index,follow',
diff --git a/app/Http/RequestHandlers/TreePageDefaultEdit.php b/app/Http/RequestHandlers/TreePageDefaultEdit.php
index 4073e8e6e4..777770c496 100644
--- a/app/Http/RequestHandlers/TreePageDefaultEdit.php
+++ b/app/Http/RequestHandlers/TreePageDefaultEdit.php
@@ -19,14 +19,17 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
+use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Http\ViewResponseTrait;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Module\ModuleBlockInterface;
use Fisharebest\Webtrees\Services\HomePageService;
+use Fisharebest\Webtrees\Tree;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
+use function assert;
use function route;
/**
@@ -54,14 +57,22 @@ class TreePageDefaultEdit implements RequestHandlerInterface
*/
public function handle(ServerRequestInterface $request): ResponseInterface
{
+ $tree = $request->getAttribute('tree');
+ assert($tree instanceof Tree);
+
+ $user = $request->getAttribute('user');
+ assert($user instanceof UserInterface);
+
$this->layout = 'layouts/administration';
$this->home_page_service->checkDefaultTreeBlocksExist();
- $main_blocks = $this->home_page_service->treeBlocks(-1, ModuleBlockInterface::MAIN_BLOCKS);
- $side_blocks = $this->home_page_service->treeBlocks(-1, ModuleBlockInterface::SIDE_BLOCKS);
+ $default_tree = new Tree(-1, 'DEFAULT', 'DEFAULT');
+
+ $main_blocks = $this->home_page_service->treeBlocks($default_tree, $user, ModuleBlockInterface::MAIN_BLOCKS);
+ $side_blocks = $this->home_page_service->treeBlocks($default_tree, $user, ModuleBlockInterface::SIDE_BLOCKS);
- $all_blocks = $this->home_page_service->availableTreeBlocks();
+ $all_blocks = $this->home_page_service->availableTreeBlocks($tree, $user);
$title = I18N::translate('Set the default blocks for new family trees');
$url_cancel = route(ControlPanel::class);
$url_save = route(TreePageDefaultUpdate::class);
diff --git a/app/Http/RequestHandlers/TreePageEdit.php b/app/Http/RequestHandlers/TreePageEdit.php
index a3d1086e65..d8774d11f0 100644
--- a/app/Http/RequestHandlers/TreePageEdit.php
+++ b/app/Http/RequestHandlers/TreePageEdit.php
@@ -19,6 +19,7 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
+use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Http\ViewResponseTrait;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Module\ModuleBlockInterface;
@@ -59,10 +60,13 @@ class TreePageEdit implements RequestHandlerInterface
$tree = $request->getAttribute('tree');
assert($tree instanceof Tree);
- $main_blocks = $this->home_page_service->treeBlocks($tree->id(), ModuleBlockInterface::MAIN_BLOCKS);
- $side_blocks = $this->home_page_service->treeBlocks($tree->id(), ModuleBlockInterface::SIDE_BLOCKS);
+ $user = $request->getAttribute('user');
+ assert($user instanceof UserInterface);
- $all_blocks = $this->home_page_service->availableTreeBlocks();
+ $main_blocks = $this->home_page_service->treeBlocks($tree, $user, ModuleBlockInterface::MAIN_BLOCKS);
+ $side_blocks = $this->home_page_service->treeBlocks($tree, $user, ModuleBlockInterface::SIDE_BLOCKS);
+
+ $all_blocks = $this->home_page_service->availableTreeBlocks($tree, $user);
$title = I18N::translate('Change the “Home page” blocks');
$url_cancel = route(TreePage::class, ['tree' => $tree->name()]);
$url_save = route(TreePageUpdate::class, ['tree' => $tree->name()]);
diff --git a/app/Http/RequestHandlers/TreePageUpdate.php b/app/Http/RequestHandlers/TreePageUpdate.php
index 7f59cdd82c..ab39fa3d73 100644
--- a/app/Http/RequestHandlers/TreePageUpdate.php
+++ b/app/Http/RequestHandlers/TreePageUpdate.php
@@ -19,6 +19,7 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
+use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Module\ModuleBlockInterface;
use Fisharebest\Webtrees\Services\HomePageService;
use Fisharebest\Webtrees\Tree;
@@ -57,16 +58,21 @@ class TreePageUpdate implements RequestHandlerInterface
$tree = $request->getAttribute('tree');
assert($tree instanceof Tree);
+ $user = $request->getAttribute('user');
+ assert($user instanceof UserInterface);
+
$params = (array) $request->getParsedBody();
$defaults = (bool) ($params['defaults'] ?? false);
if ($defaults) {
- $main_blocks = $this->home_page_service->treeBlocks(-1, ModuleBlockInterface::MAIN_BLOCKS)
+ $default_tree = new Tree(-1, 'DEFAULT', 'DEFAULT');
+
+ $main_blocks = $this->home_page_service->treeBlocks($default_tree, $user, ModuleBlockInterface::MAIN_BLOCKS)
->map(static function (ModuleBlockInterface $block) {
return $block->name();
});
- $side_blocks = $this->home_page_service->treeBlocks(-1, ModuleBlockInterface::SIDE_BLOCKS)
+ $side_blocks = $this->home_page_service->treeBlocks($default_tree, $user, ModuleBlockInterface::SIDE_BLOCKS)
->map(static function (ModuleBlockInterface $block) {
return $block->name();
});
diff --git a/app/Http/RequestHandlers/UserPage.php b/app/Http/RequestHandlers/UserPage.php
index 944131b916..ea48fe8e5e 100644
--- a/app/Http/RequestHandlers/UserPage.php
+++ b/app/Http/RequestHandlers/UserPage.php
@@ -19,6 +19,7 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
+use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Http\ViewResponseTrait;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Module\ModuleBlockInterface;
@@ -62,6 +63,7 @@ class UserPage implements RequestHandlerInterface
assert($tree instanceof Tree);
$user = $request->getAttribute('user');
+ assert($user instanceof UserInterface);
$has_blocks = DB::table('block')
->where('user_id', '=', $user->id())
@@ -83,8 +85,8 @@ class UserPage implements RequestHandlerInterface
}
return $this->viewResponse('user-page', [
- 'main_blocks' => $this->home_page_service->userBlocks($user->id(), ModuleBlockInterface::MAIN_BLOCKS),
- 'side_blocks' => $this->home_page_service->userBlocks($user->id(), ModuleBlockInterface::SIDE_BLOCKS),
+ 'main_blocks' => $this->home_page_service->userBlocks($tree, $user, ModuleBlockInterface::MAIN_BLOCKS),
+ 'side_blocks' => $this->home_page_service->userBlocks($tree, $user, ModuleBlockInterface::SIDE_BLOCKS),
'title' => I18N::translate('My page'),
'tree' => $tree,
]);
diff --git a/app/Http/RequestHandlers/UserPageDefaultEdit.php b/app/Http/RequestHandlers/UserPageDefaultEdit.php
index d5c57a939b..99ed9e3123 100644
--- a/app/Http/RequestHandlers/UserPageDefaultEdit.php
+++ b/app/Http/RequestHandlers/UserPageDefaultEdit.php
@@ -19,14 +19,17 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
+use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Http\ViewResponseTrait;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Module\ModuleBlockInterface;
use Fisharebest\Webtrees\Services\HomePageService;
+use Fisharebest\Webtrees\Tree;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
+use function assert;
use function route;
/**
@@ -54,13 +57,21 @@ class UserPageDefaultEdit implements RequestHandlerInterface
*/
public function handle(ServerRequestInterface $request): ResponseInterface
{
+ $tree = $request->getAttribute('tree');
+ assert($tree instanceof Tree);
+
+ $user = $request->getAttribute('user');
+ assert($user instanceof UserInterface);
+
$this->layout = 'layouts/administration';
$this->home_page_service->checkDefaultUserBlocksExist();
- $main_blocks = $this->home_page_service->userBlocks(-1, ModuleBlockInterface::MAIN_BLOCKS);
- $side_blocks = $this->home_page_service->userBlocks(-1, ModuleBlockInterface::SIDE_BLOCKS);
- $all_blocks = $this->home_page_service->availableUserBlocks();
+ $default_tree = new Tree(-1, 'DEFAULT', 'DEFAULT');
+
+ $main_blocks = $this->home_page_service->userBlocks($default_tree, $user, ModuleBlockInterface::MAIN_BLOCKS);
+ $side_blocks = $this->home_page_service->userBlocks($default_tree, $user, ModuleBlockInterface::SIDE_BLOCKS);
+ $all_blocks = $this->home_page_service->availableUserBlocks($tree, $user);
$title = I18N::translate('Set the default blocks for new users');
$url_cancel = route('admin-users');
$url_save = route(UserPageDefaultUpdate::class);
diff --git a/app/Http/RequestHandlers/UserPageEdit.php b/app/Http/RequestHandlers/UserPageEdit.php
index 64b11c1b83..76b97d2ca5 100644
--- a/app/Http/RequestHandlers/UserPageEdit.php
+++ b/app/Http/RequestHandlers/UserPageEdit.php
@@ -19,6 +19,7 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
+use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Http\ViewResponseTrait;
use Fisharebest\Webtrees\I18N;
use Fisharebest\Webtrees\Module\ModuleBlockInterface;
@@ -59,10 +60,13 @@ class UserPageEdit implements RequestHandlerInterface
$tree = $request->getAttribute('tree');
assert($tree instanceof Tree);
+ $user = $request->getAttribute('user');
+ assert($user instanceof UserInterface);
+
$user = $request->getAttribute('user');
- $main_blocks = $this->home_page_service->userBlocks($user->id(), ModuleBlockInterface::MAIN_BLOCKS);
- $side_blocks = $this->home_page_service->userBlocks($user->id(), ModuleBlockInterface::SIDE_BLOCKS);
- $all_blocks = $this->home_page_service->availableUserBlocks();
+ $main_blocks = $this->home_page_service->userBlocks($tree, $user, ModuleBlockInterface::MAIN_BLOCKS);
+ $side_blocks = $this->home_page_service->userBlocks($tree, $user, ModuleBlockInterface::SIDE_BLOCKS);
+ $all_blocks = $this->home_page_service->availableUserBlocks($tree, $user);
$title = I18N::translate('Change the “My page” blocks');
$url_cancel = route(UserPage::class, ['tree' => $tree->name()]);
$url_save = route(UserPageUpdate::class, ['tree' => $tree->name()]);
diff --git a/app/Http/RequestHandlers/UserPageUpdate.php b/app/Http/RequestHandlers/UserPageUpdate.php
index 9b87887639..4eb97ee384 100644
--- a/app/Http/RequestHandlers/UserPageUpdate.php
+++ b/app/Http/RequestHandlers/UserPageUpdate.php
@@ -19,6 +19,7 @@ declare(strict_types=1);
namespace Fisharebest\Webtrees\Http\RequestHandlers;
+use Fisharebest\Webtrees\Contracts\UserInterface;
use Fisharebest\Webtrees\Module\ModuleBlockInterface;
use Fisharebest\Webtrees\Services\HomePageService;
use Fisharebest\Webtrees\Tree;
@@ -57,16 +58,20 @@ class UserPageUpdate implements RequestHandlerInterface
$tree = $request->getAttribute('tree');
assert($tree instanceof Tree);
- $user = $request->getAttribute('user');
+ $user = $request->getAttribute('user');
+ assert($user instanceof UserInterface);
+
$params = (array) $request->getParsedBody();
$defaults = (bool) ($params['defaults'] ?? false);
if ($defaults) {
- $main_blocks = $this->home_page_service->userBlocks(-1, ModuleBlockInterface::MAIN_BLOCKS)
+ $default_tree = new Tree(-1, 'DEFAULT', 'DEFAULT');
+
+ $main_blocks = $this->home_page_service->userBlocks($default_tree, $user, ModuleBlockInterface::MAIN_BLOCKS)
->map(static function (ModuleBlockInterface $block) {
return $block->name();
});
- $side_blocks = $this->home_page_service->userBlocks(-1, ModuleBlockInterface::SIDE_BLOCKS)
+ $side_blocks = $this->home_page_service->userBlocks($default_tree, $user, ModuleBlockInterface::SIDE_BLOCKS)
->map(static function (ModuleBlockInterface $block) {
return $block->name();
});